Are You Guarding Your Traffic Systems Against Cybersecurity Threats?

Gone are the days of cybersecurity plans that simply involve firewalls and antivirus software to protect information and computer systems. While they are a critical component, of course, cybersecurity has a much bigger responsibility now: protecting the public.

Today, in such a connected world, our health, productivity and well-being often depend on the secure operation of critical infrastructure, including intelligent traffic systems (ITS). This means cybersecurity is no longer just a data security issue—it’s a public safety issue.

More cities, municipalities, state authorities and private-sector businesses are deploying ITS solutions to manage how society moves and gather real-time data about:

• The types of cars on the road
• Traffic levels
• Potential areas of congestion
• Where vehicles are going
• The environmental impacts of travel
• Road conditions
• Accidents and emergencies
• Toll usage and fees

ITS systems also serve as the foundation for smart roads that will support connected cars and autonomous vehicles.

But, as ITS systems become more connected, they also become more vulnerable to cybersecurity threats. An attack on an ITS system can involve tampering with digital roadway signage, traffic lights, automated toll collection, weather stations, traffic cameras, dynamic road barriers and navigation aids. The effects can range from traffic jams and accidents to financial losses.

As more smart vehicles hit the open road, threats to ITS systems will increase. These threats can include physical attacks, such as brute force or guessing credentials; wireless attacks, such as remote hijacking of controls; or network attacks, such as installing malware or exploiting software and hardware vulnerabilities.

Infrastructure resiliency—the ability to withstand an attack, continue to deliver essential services and recover quickly—can mean the difference between a traffic disaster and safe, smooth traffic flow.

Best practices to manage ITS cybersecurity threats

While every situation is unique, there are some cybersecurity best practices you can employ to protect your critical traffic infrastructure.

• Conduct a risk assessment. This will help you understand your network’s level of risk and rate the state of your cyber defenses. During this evaluation, also assess the cybersecurity measures of the ITS vendors and partners you work with.
  
  
• Understand your security gaps. A risk assessment will help you determine where these gaps or vulnerabilities exist so they can be remedied.
  
  
• Invest in training and awareness. Provide employees with education on emerging cybersecurity threats and their impacts, as well as how they should respond if they detect a possible attack.
  
  
• Maintain software updates and patch management. This is a critical step in reducing vulnerabilities that can be exploited.
  
  
• Develop an incident response plan. This plan acts as a roadmap in the event of a breach or other security incident so you can minimize the impact of a cyberattack and swiftly recover.
  
  
• Deploy monitoring capabilities. Make sure you can monitor, prevent and detect malicious network activity so you can identify and respond to an attack right away.
  
  
• Develop and abide by standardized cybersecurity practices. This can help you prepare for, respond to and mitigate the impacts of cyberthreats. There are many forms of guidance you can use to create practices.

You’re not alone in your cybersecurity mission

The U.S. Department of Transportation’s ITS Cybersecurity Research Program recommends these resources to guide your journey.

1. NIST cybersecurity framework

This is voluntary guidance that helps businesses of all sizes understand, manage and reduce cybersecurity threats to protect their networks and data. While not specific to ITS, it maps out five elements that apply to any cybersecurity initiative:

1. Identify critical assets and understand their risks
   
   
2. Protect those critical assets from cybersecurity threats through safeguards like security controls and protocols
   
   
3. Detect cybersecurity incidents as they occur through monitoring and detection systems
   
   
4. Respond to cybersecurity threats when they arise through well-defined incident response and escalation plans
   
   
5. Recover from a cybersecurity incident and restore resilience 

The U.S. DOT is currently developing new approaches, strategies and examples for agencies on how to incorporate cybersecurity into decision-making and how to address cybersecurity issues for the ITS ecosystem. These will be incorporated into the NIST Cybersecurity Framework.
  

2. ISO/IEC 270001 standards

These standards closely align with the NIST Cybersecurity Framework mentioned above, offering up best practices to boost information security with a compliance component.

These standards describe how to implement information security best practices within three pillars: people, processes and technology.

3. Critical Infrastructure Protection standards

Critical Infrastructure Protection (CIP) standards ensure that you have the right physical and cybersecurity measures in place to protect critical infrastructure from threats.

Although they focus primarily on utilities, they can also help transportation agencies make dramatic improvements to protect their own critical infrastructure by providing prescriptive guidance in categories like:

• Control center communications
• Incident response
• Network security
• Personnel and training
• Physical security of cyber assets
• System security controls
• Vulnerability management 

4. Multi-State Information Sharing and Analysis Center (MS-ISAC) collaborative

This membership-based collaborative focuses on improving cybersecurity posture in state, local, tribal and territorial governments through cybersecurity threat prevention, protection, response and recovery.

Protect your Intelligent Traffic System (ITS) infrastructure from cybersecurity threats

As cybersecurity gains in criticality for transportation and traffic systems, resources will continue to expand. For example, a new research center—CYBER-CARE, the Transportation Cybersecurity Center for Advanced Research and Education—is supported by U.S. Department of Transportation grants. The center’s goal is to make intelligent transportation systems safer for everyone by:

• Protecting vehicle control systems that perform safety-critical functions
• Detecting and responding to potential cyber incidents that involve U.S. traffic networks
• Building a framework that incorporates cyber resilience and enables rapid post-incident recovery
• Disseminating information and resources for industry-wide best practices

You can also count on Belden as a resource. Our in-house ITS and cybersecurity experts have decades of experience in protecting critical infrastructure from cybersecurity threats.

Working with us begins with an assessment to gauge where you are, where you want to go and what you need to do to get there. After evaluating your current state to determine what’s working and what isn’t, we present possible solutions to fortify your ITS infrastructure and protect the public.

Related resources:

Driving the Future: Revolutionizing Road Travel with Intelligent Traffic Systems

The Path to Traffic Safety and Efficiency Begins with Roadway Digitization

The Role of Mass Transit Automation in Passenger Satisfaction